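/**
 * TODO: Add Recaptcha, but first:
 *  - add recaptcha config to newscoop preferences, not in the recaptcha plugin config
 *  - remove old recaptcha libraries
 *  - re-enable the failed-logins counter in
 *    Newscoop\NewscoopBundle\Security\Http\Authentication\AuthenticationFailedHandler
 *  - clean code
 *
 * NOTE(review): the CAPTCHA branch below is a disabled placeholder (`if (false)`),
 * so exceeding the login-attempt limit does not currently block authentication
 * here; until it is wired up, only the parent implementation decides.
 *
 * {@inheritdoc}
 */
protected function attemptAuthentication(Request $request)
{
    // Accept the CAPTCHA code from either the POST body or the query string.
    // ParameterBag::has() takes a single key; the previous call passed the query
    // lookup as a spurious second argument, so only the POST body was ever checked.
    $hasCaptchaCode = $request->request->has('captcha_code')
        || $request->query->has('captcha_code');

    if ($hasCaptchaCode && \LoginAttempts::MaxLoginAttemptsExceeded()) {
        // Placeholder: CAPTCHA validation is not implemented yet, so this never
        // throws. $translator is not in scope either — inject it before enabling.
        if (false) {
            throw new AuthenticationException($translator->trans("CAPTCHA code is not valid. Please try again.", array(), 'home'));
        }
    }

    return parent::attemptAuthentication($request);
}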
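/**
 * This is called when an interactive authentication attempt succeeds. This
 * is called by authentication listeners inheriting from AbstractAuthenticationListener.
 *
 * On top of the Symfony login it: rejects accounts that are not admins, prunes
 * old failed-login records and clears the per-IP counter, re-authenticates the
 * legacy Zend_Auth adapter with the submitted credentials, stores login tokens
 * for the 'oauth_authorize' and 'frontend_area' contexts in the session, unlocks
 * the user's articles, applies the language chosen on the form, disables caching
 * and records the last login time.
 *
 * @param Request        $request
 * @param TokenInterface $token
 * @return Response The response to return
 */
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
    $user = $token->getUser();

    // This should actually be handled by the AuthenticationFailedHandler:
    // the credentials are valid, but a non-admin account may not enter the admin area.
    if (!$user->isAdmin()) {
        $request->getSession()->set(
            SecurityContextInterface::AUTHENTICATION_ERROR,
            new AuthenticationException('User is not an admin.')
        );

        return $this->httpUtils->createRedirectResponse($request, 'admin_login');
    }

    \LoginAttempts::DeleteOldLoginAttempts();
    \LoginAttempts::ClearLoginAttemptsForIp();

    // Legacy admin code still goes through Zend_Auth; re-authenticate it with the
    // submitted credentials so both security layers agree on the session.
    $zendAuth = \Zend_Auth::getInstance();
    $this->authAdapter
        ->setUsername($user->getUsername())
        ->setPassword($request->request->get('_password'))
        ->setAdmin(true);
    $zendAuth->authenticate($this->authAdapter);

    // One session lookup serves both token writes (it used to be fetched twice).
    $session = $request->getSession();

    $oauthToken = $this->userService->loginUser($user, 'oauth_authorize');
    $session->set('_security_oauth_authorize', serialize($oauthToken));

    $frontendToken = $this->userService->loginUser($user, 'frontend_area');
    $session->set('_security_frontend_area', serialize($frontendToken));

    \Article::UnlockByUser($user->getId());

    // NOTE(review): login_language is taken straight from the form; setLocale()
    // receives null when the field is missing — confirm the form always submits it.
    $request->setLocale($request->request->get('login_language'));
    $this->setNoCacheCookie($request);

    $user->setLastLogin(new \DateTime());
    $this->em->flush();

    if ($request->get('ajax') === 'true') {
        // close popup with login.
        return new Response("<script type=\"text/javascript\">window.parent.g_security_token = '" . \SecurityToken::GetToken() . "';window.parent.\$(window.parent.document.body).data('loginDialog').dialog('close');window.parent.setSecurityToken(window.parent.g_security_token);</script>");
    }

    return parent::onAuthenticationSuccess($request, $token);
}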
/**
 * Finish a successful admin login.
 *
 * Generates a fresh login key for the user and stores it through the LiveUser
 * permission backend, clears the failed-attempt counter for this IP, sets the
 * legacy login cookies, unlocks the user's articles and finally redirects —
 * either to the request that was saved before the login, or to the admin index.
 *
 * Nothing beyond the key generation happens unless $LiveUser->_perm is an
 * object (i.e. the permission backend is initialised).
 *
 * @param object $user             the logged-in user (initLoginKey/getKeyId/getUserId)
 * @param string $f_login_language interface language chosen on the login form
 */
function camp_successful_login($user, $f_login_language)
{
    global $ADMIN, $LiveUser, $LiveUserAdmin, $request, $requestId;

    $user->initLoginKey();
    $keyData = array('KeyId' => $user->getKeyId());

    if (!is_object($LiveUser->_perm)) {
        return;
    }

    $permUserId = $LiveUser->_perm->getProperty('perm_user_id');
    $LiveUserAdmin->updateUser($keyData, $permUserId);
    $LiveUser->updateProperty(true, true);

    LoginAttempts::ClearLoginAttemptsForIp();

    // NOTE(review): these cookies carry the user id and login key and are set
    // without HttpOnly/Secure flags — confirm whether anything client-side
    // actually needs to read them.
    setcookie("LoginUserId", $user->getUserId());
    setcookie("LoginUserKey", $user->getKeyId());
    setcookie("TOL_Language", $f_login_language);

    Article::UnlockByUser($user->getUserId());

    // Try to restore the request that was interrupted by the login.
    if (!empty($request)) {
        camp_session_set("request_$requestId", $request);
        // NOTE(review): $request is a serialized PHP value taken from a global;
        // unserialize() on anything externally influenced is unsafe — confirm
        // it can only ever originate from the server-side session.
        $request = unserialize($request);
        camp_html_goto_page($request['uri'], TRUE, array(
            'request' => $requestId,
        ));
    }

    // No saved request: go to the admin index.
    camp_html_goto_page("/$ADMIN/index.php");
}
/**
 * Render the admin login form.
 *
 * The last authentication error is read from the request attributes when the
 * firewall placed it there, otherwise from the session. Stale failed-login
 * records are pruned first so the CAPTCHA flag passed to the template only
 * reflects recent attempts.
 *
 * @param Request $request
 * @return Response
 */
public function loginAction(Request $request)
{
    $em = $this->container->get('em');

    $errorKey = SecurityContext::AUTHENTICATION_ERROR;
    $error = $request->attributes->has($errorKey)
        ? $request->attributes->get($errorKey)
        : $request->getSession()->get($errorKey);

    $languages = $em->getRepository('Newscoop\\Entity\\Language')->getLanguages();

    \LoginAttempts::DeleteOldLoginAttempts();

    $viewData = array(
        'last_username' => $request->getSession()->get(SecurityContext::LAST_USERNAME),
        'error' => $error,
        'languages' => $languages,
        'defaultLanguage' => $this->getDefaultLanguage($request, $languages),
        'maxLoginAttemptsExceeded' => \LoginAttempts::MaxLoginAttemptsExceeded(),
    );

    return $this->render('NewscoopNewscoopBundle:Security:login.html.twig', $viewData);
}
// (routing switch: continues above and below this excerpt)
break;
case validateRoute('PATCH', 'donations/\\d+'):
    $donate = new Donations($db, $user);
    httpResponse($donate->update((int) $params[1], $postdata));
    break;
case validateRoute('DELETE', 'donations/\\d+'):
    $donate = new Donations($db, $user);
    httpResponse($donate->delete((int) $params[1], $postdata));
    break;
case validateRoute('GET', 'login-attempts'):
    // NOTE(review): limit/index reach LoginAttempts::query() as raw $_GET strings,
    // unlike the signups/ipchanges routes below which cast them to (int); confirm
    // query() validates them before they are used in SQL.
    $loginAttempts = new LoginAttempts($db, $user);
    list($result, $totalCount) = $loginAttempts->query(array("limit" => $_GET["limit"], "index" => $_GET["index"]));
    httpResponse($result, $totalCount);
    break;
case validateRoute('DELETE', 'login-attempts/\\d+'):
    $loginAttempts = new LoginAttempts($db, $user);
    httpResponse($loginAttempts->delete((int) $params[1]));
    break;
case validateRoute('GET', 'signups'):
    $signups = new Signups($db, $user);
    list($result, $totalCount) = $signups->query((int) $_GET["limit"], (int) $_GET["index"]);
    httpResponse($result, $totalCount);
    break;
case validateRoute('GET', 'ipchanges'):
    $ipchanges = new IpChanges($db, $user);
    list($result, $totalCount) = $ipchanges->query((int) $_GET["limit"], (int) $_GET["index"]);
    httpResponse($result, $totalCount);
    break;
case validateRoute('POST', 'reports'):
    $reports = new Reports($db, $user);
    httpResponse($reports->create($postdata));
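/**
 * Authenticate a user by username and password and set the login cookies.
 *
 * Flow: the per-IP failed-attempt limit is enforced first (LoginAttempts::check()),
 * then the user row is looked up and the submitted password is hashed and compared.
 * Any failure — unknown user, wrong password, disabled account — is recorded as a
 * login attempt and reported with a 401 exception. A disabled account is re-enabled
 * on the fly when its upload/download ratio is above 0.5 and no staff "disabled"
 * marker is present in modcomment.
 *
 * NOTE(review): every recorded attempt includes the submitted password in clear
 * text ("password" key). That is credential logging; drop the key once
 * LoginAttempts no longer requires the column.
 *
 * @param string $username
 * @param string $password
 * @throws Exception (code 401) on any authentication failure
 */
public function login($username, $password)
{
    $loginAttempts = new LoginAttempts($this->db, $this);
    $loginAttempts->check();

    $sth = $this->db->prepare('SELECT * FROM users WHERE username = ?');
    $sth->bindParam(1, $username, PDO::PARAM_STR, 15);
    $sth->execute();
    $arr = $sth->fetch(PDO::FETCH_ASSOC);

    if (!$arr) {
        $loginAttempts->create(array("username" => $username, "password" => $password));
        throw new Exception('Felaktiga inloggningsuppgifter.', 401);
    }

    // hash_equals() replaces "==": constant-time, and immune to PHP's numeric-string
    // comparison (two hashes of the form "0e..." compare equal under ==).
    $expectedHash = (string) $this->hashPassword($password, $arr["added"]);
    if (!hash_equals((string) $arr["passhash"], $expectedHash)) {
        $loginAttempts->create(array("username" => $username, "password" => $password, "uid" => $arr["id"]));
        throw new Exception('Felaktiga inloggningsuppgifter.', 401);
    }

    if ($arr["enabled"] == "no") {
        $uploaded = (float) $arr["uploaded"];
        $downloaded = (float) $arr["downloaded"];
        // Same outcome as the former "uploaded / downloaded > 0.5" but without a
        // division by zero (fatal on PHP 8): with no downloads, any upload qualifies.
        $ratioOk = $downloaded > 0 ? ($uploaded / $downloaded > 0.5) : $uploaded > 0;
        // A staff marker anywhere in modcomment blocks the automatic re-enable; the
        // former "!strpos(...)" missed a marker sitting at offset 0.
        $modcomment = (string) $arr["modcomment"];
        $disabledByStaff = strpos($modcomment, 'Disabled by') !== false
            || strpos($modcomment, 'Kontot inaktiverat utav') !== false;

        if ($ratioOk && !$disabledByStaff) {
            // Parameterised even though id comes from our own row — keeps the query
            // shape uniform with the SELECT above.
            $update = $this->db->prepare("UPDATE users SET enabled = 'yes' WHERE id = ?");
            $update->execute(array($arr["id"]));
        } else {
            $loginAttempts->create(array("username" => $username, "password" => $password, "uid" => $arr["id"]));
            throw new Exception('Användarkontot är avstängt med anledningen: ' . $arr["secret"], 401);
        }
    }

    $isVip = $arr["class"] >= 7;
    setcookie("uid", $arr["id"], time() + 31556926, "/");
    if ($isVip) {
        // "notuseip" — presumably tells later requests not to bind the session to
        // the client IP; confirm against hashCookie() and the cookie check.
        setcookie("notuseip", "true", time() + 315569260, "/");
    }
    setcookie("pass", $this->hashCookie($arr["passhash"], $isVip), time() + 31556926, "/");
    if ($arr["class"] >= 8) {
        // NOTE(review): md5(salt . client IP) is a weak admin marker; any change here
        // must be mirrored where the "admin" cookie is verified.
        setcookie("admin", md5($this->cookieSalt . $_SERVER["REMOTE_ADDR"]), time() + 315569260, "/");
    }

    $this->setPrivateVars($arr);
}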
// fix uri $_SERVER['REQUEST_URI'] = $this->getRequest()->getRequestUri(); // reset view $this->view->legacy = NULL; $this->_helper->layout->enableLayout(); // redirect/forward if (!empty($_POST['_next']) && $_POST['_next'] == 'post') { // forward POST request $this->_forward($this->_getParam('action'), $this->_getParam('controller'), 'admin'); } else { // redirect GET request setcookie("TOL_Language", $f_login_language); if (array_key_exists(SecurityToken::SECURITY_TOKEN, $_GET)) { $_SERVER['REQUEST_URI'] .= sprintf('&%s=%s', SecurityToken::SECURITY_TOKEN, SecurityToken::GetToken()); } $this->_redirect($_SERVER['REQUEST_URI'], array('prependBase' => false)); } return; } } // // Invalid logins start here. // // Record the attempt LoginAttempts::RecordLoginAttempt(); // CAPTCHA invalid -> captcha login page if ($validateCaptcha && !PhpCaptcha::Validate($f_captcha_code, true)) { return 'captcha'; } // Everything else return 'userpass';
/**
 * Initialise the proxied object before delegating to the real getTime().
 *
 * @return mixed whatever the parent getTime() returns
 */
public function getTime()
{
    // Force the lazy load so the parent reads initialised state.
    $this->__load();
    $time = parent::getTime();

    return $time;
}
/**
 * Authenticate a user by username and password and set the login cookies.
 *
 * The per-IP failed-attempt limit is enforced first; an unknown user, a wrong
 * password or a disabled account is recorded as a login attempt and rejected
 * with a 401 exception carrying a localised message.
 *
 * NOTE(review): each recorded attempt includes the submitted password in clear
 * text ("password" key) — that is credential logging; consider dropping it.
 *
 * @param string $username
 * @param string $password
 * @throws Exception (code 401) on any authentication failure
 */
public function login($username, $password)
{
    $attempts = new LoginAttempts($this->db, $this);
    $attempts->check();

    $stmt = $this->db->prepare('SELECT * FROM users WHERE username = ?');
    $stmt->bindParam(1, $username, PDO::PARAM_STR, 15);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$row) {
        $attempts->create(array("username" => $username, "password" => $password));
        throw new Exception(L::get("USER_WRONG_CREDENTIALS"), 401);
    }

    if (!password_verify($password . User::PASSWORD_SALT, $row["passhash"])) {
        $attempts->create(array("username" => $username, "password" => $password, "uid" => $row["id"]));
        throw new Exception(L::get("USER_WRONG_CREDENTIALS"), 401);
    }

    if ($row["enabled"] == "no") {
        $attempts->create(array("username" => $username, "password" => $password, "uid" => $row["id"]));
        throw new Exception(L::get("USER_DISABLED", [$row["secret"]]), 401);
    }

    // NOTE(review): both cookies are set without HttpOnly/Secure flags — confirm
    // nothing client-side needs to read them before tightening.
    $isVip = $row["class"] >= User::CLASS_VIP;
    setcookie("uid", $row["id"], time() + 31556926, "/");
    setcookie("pass", $this->hashCookie($row["passhash"], $isVip), time() + 31556926, "/");

    $this->setPrivateVars($row);
}
$languageName = htmlspecialchars($languageName); print "<option value=\"$languageCode\""; if ($languageCode == $defaultLanguage) { print " selected "; } print ">$languageName</option>"; } unset($languageCode); unset($languageAttrs); unset($languageName); ?> </select> </td> </tr> <!-- CAPTCHA--> <?php if (LoginAttempts::MaxLoginAttemptsExceeded()) { ?> <tr> <td colspan="2" align="center"> <img src="<?php echo $Campsite['WEBSITE_URL']; ?>/include/captcha/image.php" /> </td> </tr> <tr> <td colspan="2" align="center"> <?php putGS('Type the code shown above:'); ?> <input name="f_captcha_code" size="5" class="input_text" alt="blank" emsg="<?php putGS("Please enter the code shown in the image."); ?>" /> </td> </tr> <?php } ?> <!-- CAPTCHA--> <tr class="buttonBlock2"> <td>
/**
 * Record a login attempt for the given user id, stamped with the current time.
 *
 * @param mixed $id user id written to the login attempt's user_id column
 * @return bool true when LoginAttempts::create() returned a truthy result
 */
public static function register_access_attempt($id)
{
    $attempt = array(
        'user_id' => $id,
        // e.g. 2015-12-14 10:01:36 — uses the server's default timezone
        'created_at' => date('Y-m-d H:i:s'),
    );

    return (bool) LoginAttempts::create($attempt);
}